Saltstack远程执行
远程执行是saltstack核心功能之一,使用salt模块可以给选定的minion端发送执行某条命令的指示,并获得返回结果,比如
[root@saltstack-node1 ~]# salt 'saltstack-node2.lichengbing.com' test.ping
saltstack-node2.lichengbing.com:
True
salt → 命令
saltstack-node2.lichengbing.com → 管理对象
test.ping → 模块(这里的ping并不是指我们熟知的网络ping命令)
命令
salt是saltstack使用最多的一个管理minion命令,但是并不表示就这么一个命令,saltstack命令包括
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | /usr/bin/salt /usr/bin/salt-cp /usr/bin/salt-key /usr/bin/salt-master /usr/bin/salt-minion /usr/bin/salt-run /usr/bin/salt-unity /usr/bin/salt-call /usr/bin/salt-run /usr/bin/salt-ssh /usr/bin/salt-syndic /usr/bin/salt-api /usr/bin/salt-cloud #这些命令官网有详细的解释和用法,我们后续也会做相关示例讲解 参考地址 https://www.unixhot.com/docs/saltstack/contents.html |
管理对象
管理对象是我们远程执行的操作主机,saltstack的主机选择支持很多方式,正则匹配、列表匹配、Granis匹配、组匹配、复合匹配、Pillar匹配、CIDR匹配等
1)正则匹配
| 1 2 3 4 5 6 7 8 9 10 | [root@saltstack-node1 ~]# salt -E 'salt*' test.ping #salt*是一个简单的正则表达式 saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True [root@saltstack-node1 ~]# salt -E 'saltstack-node[1|2]*' test.ping saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True |
2)列表匹配
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt -L saltstack-node1.lichengbing.com,saltstack-node2.lichengbing.com test.ping # L 主机用逗号分隔开 saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True |
3)Grains匹配
| 1 2 3 4 5 6 7 | [root@saltstack-node1 ~]# salt -G 'os:CentOS' test.ping #选择Grains os键值为CentOS的主机 saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True #Grains是minion启动时收集的一组系统相关的静态数据,后续会有讲解 #Pillar类似Grains |
4)组匹配
saltstack可以提前给minion定义组角色,然后以组名来批量匹配
修改master配置文件
| 1 2 3 4 5 6 7 8 | [root@saltstack-node1 ~]# vim /etc/salt/master nodegroups: web: 'L@saltstack-node1.lichengbing.com,saltstack-node2.lichengbing.com' [root@saltstack-node1 ~]# salt -N web test.ping saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True |
5)复合匹配
| 1 2 3 4 5 6 | [root@saltstack-node1 ~]# salt -C 'G@os:CentOS or L@saltstack-node2.lichengbing.com' test.ping saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True #G@os:CentOS or L@saltstack-node2是使用的一个复合组合,支持 and or 关联多个条件 |
6)CIDR匹配
CIDR就是网络中的无类别域间路由,网段匹配
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt -S '172.16.2.0/24' test.ping saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True |
模块
模块是可以理解为saltstack已经为我们写好的一组可以操作minion主机的命令
saltstack自带的模块功能十分丰富和强大,当然我们也可以自定义一些相关模块(这里需要注意的是,saltstack自带的模块是Master端和Minion端同时存在的,如果在Master自定义模块需要先同步到Minion再执行才能得到返回结果,当然这个同步saltstack会帮我们完成)
自带模块
saltstack自带模块参考:https://www.unixhot.com/docs/saltstack/contents.html
查看所有module列表
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 | [root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.list_modules saltstack-node1.lichengbing.com: [root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.list_modules saltstack-node1.lichengbing.com: - acl - aliases - alternatives - apache - archive - artifactory - at - augeas - beacons - bigip - blockdev - bridge - btrfs - buildout - cloud - cmd - composer - config - consul ··· |
这里我们讨论几个平时生产实践中最常用到的模块 State Modules
1)sys.doc模块
sys.doc类似于我们Linux系统中man命令,可以很方便的查看相关模块介绍和用法
| 1 2 3 4 5 6 | [root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.doc test.ping test.ping: Used to make sure the minion is up and responding. Not an ICMP ping. Returns ``True``. CLI Example: salt '*' test.ping |
2)cmd模块
查看指定模块的所有function
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 | [root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.list_functions cmd saltstack-node1.lichengbing.com: - cmd.exec_code - cmd.exec_code_all - cmd.has_exec - cmd.powershell - cmd.retcode - cmd.run - cmd.run_all - cmd.run_bg - cmd.run_chroot - cmd.run_stderr - cmd.run_stdout - cmd.script - cmd.script_retcode - cmd.shell - cmd.shells - cmd.tty - cmd.which - cmd.which_bin |
查看指定模块的使用方法
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | [root@saltstack-node1 ~]# salt 'saltstack-node1*' sys.doc cmd.run CLI Example: salt '*' cmd.run "ls -l | awk '/foo/{print \\$2}'" The template arg can be set to 'jinja' or another supported template engine to render the command arguments before execution. For example: salt '*' cmd.run template=jinja "ls -l /tmp/`grains`.`id` | awk '/foo/{print \\$2}'" Specify an alternate shell with the shell parameter: salt '*' cmd.run "Get-ChildItem C:\\ " shell='powershell' A string of standard input can be specified for the command to be run using the ``stdin`` parameter. This can be useful in cases where sensitive information must be read from standard input.: salt '*' cmd.run "grep f" stdin='one\\ntwo\\nthree\\nfour\\nfive\\n' If an equal sign (``=``) appears in an argument to a Salt command it is interpreted as a keyword argument in the format ``key=val``. That processing can be bypassed in order to pass an equal sign through to the remote shell command by manually specifying the kwarg: salt '*' cmd.run cmd='sed -e s/=/:/g' |
比如查看磁盘使用率
| 1 2 3 | [root@saltstack-node1 ~]# salt 'saltstack-node1*' cmd.run "df -h|grep sda3" saltstack-node1.lichengbing.com: /dev/sda3 9.0G 2.7G 6.4G 29% / |
3)cp模块
将指定minion下的指定文件拷贝到salt cache目录(/var/cache/salt/minion/localfiles),相当于备份
| 1 2 3 | [root@saltstack-node1 ~]# salt 'saltstack-node1*' cp.cache_local_file /etc/hosts saltstack-node1.lichengbing.com: /var/cache/salt/minion/localfiles/etc/hosts |
将master file_roots下的目录拷贝到minion
| 1 2 3 | [root@saltstack-node1 salt]# salt 'saltstack-node1*' cp.get_dir salt://base/ minion/dest #相当于命令 [root@saltstack-node1 minion]# salt-cp '*' /etc/hosts /tmp/123 |
下载文件到指定目录
| 1 2 3 | [root@saltstack-node1 ~]# salt 'saltstack-node2*' cp.get_url http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm /tmp/1 saltstack-node2.lichengbing.com: /tmp/1 |
4)status模块
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | [root@saltstack-node1 salt]# salt 'saltstack-node2*' sys.list_functions status saltstack-node2.lichengbing.com: - status.all_status - status.cpuinfo - status.cpustats - status.custom - status.diskstats - status.diskusage - status.loadavg - status.master - status.meminfo - status.netdev - status.netstats - status.nproc - status.pid - status.ping_master - status.procs - status.time - status.uptime - status.version - status.vmstats - status.w |
查看系统负载
| 1 2 3 4 5 6 7 8 9 | [root@saltstack-node1 salt]# salt 'saltstack-node2*' status.loadavg saltstack-node2.lichengbing.com: ---------- 1-min: 0.08 15-min: 0.24 5-min: 0.22 |
5)cron模块
实现minion主机的定时任务操作
查看主机定时任务
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' cron.raw_cron root saltstack-node2.lichengbing.com: */5 * * * * /usr/sbin/ntpdate time.nist.gov >dev/null 2>&1 saltstack-node1.lichengbing.com: */5 * * * * /usr/sbin/ntpdate time.nist.gov >dev/null 2>&1 |
为指定的minion添加定时任务
| 1 | [root@saltstack-node1 ~]# salt '*' cron.set_job root '*' '*' '*' '*' 1 /usr/local/weekly |
删除指定任务
| 1 | [root@saltstack-node1 ~]# salt '*' cron.rm_job root '*' '*' '*' '*' 1 /usr/local/weekly |
6)file模块
被控主机文件常见操作,包括文件读写、权限、查找、校验等
修改所以minion 的/etc/passwd 文件的属组、用户权限,等价于chown root:root /etc/passwd
| 1 | [root@saltstack-node1 ~]# salt '*' file.chown /etc/passwd root root |
检查minion端/etc目录是否存在
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' file.directory_exists /etc saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True |
获取minion passwd文件stats信息
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | [root@saltstack-node1 ~]# salt '*' file.stats /etc/passwd saltstack-node2.lichengbing.com: ---------- atime: 1475060056.71 ctime: 1474959828.71 gid: 0 group: root inode: 17844978 mode: 0644 mtime: 1474959828.71 size: 1513 target: /etc/passwd type: file uid: 0 user: root |
获取minion passwd权限信息
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' file.get_mode /etc/passwd saltstack-node2.lichengbing.com: 0644 saltstack-node1.lichengbing.com: 0644 |
穿件opt/test目录
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' file.mkdir /opt/test saltstack-node2.lichengbing.com: None saltstack-node1.lichengbing.com: None |
删除
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' file.remove /opt/test saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True |
创建文件
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' file.touch /tmp/test.txt saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True |
追加内容
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' file.append /tmp/test.txt "10000" saltstack-node2.lichengbing.com: Wrote 1 lines to "/tmp/test.txt" saltstack-node1.lichengbing.com: Wrote 1 lines to "/tmp/test.txt" |
修改内容
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | [root@saltstack-node1 ~]# salt '*' file.sed /tmp/test.txt "10000" "1" saltstack-node2.lichengbing.com: ---------- pid: 57521 retcode: 0 stderr: stdout: saltstack-node1.lichengbing.com: ---------- pid: 42333 retcode: 0 stderr: stdout: |
收集文件校验
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' file.get_sum /etc/passwd md5 saltstack-node2.lichengbing.com: 500ef551a710b9b486ddb32602fb3f13 saltstack-node1.lichengbing.com: 8f683526b18c55429422442d1c06caa0 |
7)Network模块
返回minion主机网络信息
获取主机dig网站域名信息
| 1 2 3 | [root@saltstack-node1 ~]# salt '*' network.dig www.baidu.com [root@saltstack-node1 ~]# salt '*' network.ping www.baidu.com [root@saltstack-node1 ~]# salt '*' network.traceroute www.baidu.com |
MAC地址
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' network.hwaddr eth0 saltstack-node1.lichengbing.com: 00:0c:29:94:18:ea saltstack-node2.lichengbing.com: 00:0c:29:1a:87:b4 |
网卡配置信息
| 1 2 3 4 5 6 7 8 | [root@saltstack-node1 ~]# salt '*' network.ip_addrs saltstack-node2.lichengbing.com: - 10.0.0.184 - 10.0.0.186 - 172.16.2.186 saltstack-node1.lichengbing.com: - 10.0.0.185 - 172.16.2.185 |
判断是否属于子网
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' network.in_subnet 172.16.2.0/24 saltstack-node2.lichengbing.com: True saltstack-node1.lichengbing.com: True |
8)pkg模块
minion端主机主机程序包管理
为被控主机安装PHP环境,根据不同系统发行版调用不同安装工具进行部署,如redhat平台的yum,等价于yum -y install php
| 1 2 3 | [root@saltstack-node1 ~]# salt '*' pkg.install php [root@saltstack-node1 ~]# salt '*' pkg.remove php [root@saltstack-node1 ~]# salt '*' pkg.upgrade php |
9)service模块
minion端主机服务管理
开启、禁用Nginx开机自启动服务
| 1 2 | [root@saltstack-node1 ~]# salt '*' service.enable nginx [root@saltstack-node1 ~]# salt '*' service.disable nginx |
常规服务操作
| 1 2 3 4 5 | [root@saltstack-node1 ~]# salt '*' service.start nginx [root@saltstack-node1 ~]# salt '*' service.stop nginx [root@saltstack-node1 ~]# salt '*' service.restart nginx [root@saltstack-node1 ~]# salt '*' service.reload nginx [root@saltstack-node1 ~]# salt '*' service.status nginx |
saltstack还有很多模块,如
user(系统用户模块)
group(系统组模块)
partition(系统分区模块)
puppet(puppet管理模块)
system(系统重启、关机模块)
timezone(时区管理模块)
nginx(Nginx管理模块)
iptables(被控主机iptables支持模块)
mount(文件系统挂载模块) 等等...
